
Apple urges Australian government not to weaken encryption with backdoors

Speed Weed
1 hour ago, mr moose said:

You just want an absolute system and anything that isn't you have issues with. It's fine if you don't trust the judicatory, everyone's entitled to their own opinions on that. But if we take that stance on everything then you will have nothing.  Because no laws will be allowed to be passed at all, the police will not be allowed to do their job, all data will be considered unethically obtained therefore no evidence exists anymore.  You are only happy with what will essentially lead to a chaotic existence.

 

 

I take an absolute stance when it comes to computer security, because of the massive consequences improper handling of data inevitably leads to.

We have already seen what devastation government negligence led to on these fronts, with the likes of NSA (which the Australian government tightly works together with as a 5 eyes ally).

 

I am all for laws being passed, but they can't threaten data security. This bill does, so I am against it. It really is as simple as that. 

 

At the end of the day, people need their data to be secure. Like Apple argues, it is extremely important for security reasons. But software is completely agnostic. It can not differentiate between a law-abiding user and a criminal. So we can not remove security from criminals while retaining security for legitimate users. It can not be done. Any such system will be entirely reliant on a human, which can be corrupted or have malicious intent, like we have seen in the countless leaks showing people at the NSA and other agencies for example spying on their ex-lovers.

 

We either give everyone security, or nobody security. There is no middle ground since math (the software) can't take intent into consideration. 


10 minutes ago, Amazonsucks said:

People tend to throw them on the e waste pile every year though. They're not a Lexus or Rolls Royce or something that people would keep around forever.

Except when there are 40 million sales in a single quarter and ten million during launch week, it becomes obvious that even if everyone buys a new phone every year (which they don't), that 50 million is low. 

 

Even looking at the 1 billion plus figure (1.2 last I saw) -- that is surely weighted more heavily towards the more recent years, and dividing it by the 11 year history equates to over 100 million per year. And again that is weighting all years equally which is absolutely an underestimation of recent sales figures. It looks like it was about 200 million sales in 2017 alone https://www.statista.com/statistics/263401/global-apple-iphone-sales-since-3rd-quarter-2007/. Then there is the 1.3 billion active devices -- sure that's not just iPhones, but being that iPhones make up such a large part of Apple's market, it's pretty safe to say that it makes up a sizeable chunk of that figure. 

 

I'd put the total number of active iPhones somewhere in the mid to high hundred millions.

PSU Tier List | CoC

Gaming Build | FreeNAS Server

Spoiler

i5-4690k || Seidon 240m || GTX780 ACX || MSI Z97s SLI Plus || 8GB 2400mhz || 250GB 840 Evo || 1TB WD Blue || H440 (Black/Blue) || Windows 10 Pro || Dell P2414H & BenQ XL2411Z || Ducky Shine Mini || Logitech G502 Proteus Core

Spoiler

FreeNAS 9.3 - Stable || Xeon E3 1230v2 || Supermicro X9SCM-F || 32GB Crucial ECC DDR3 || 3x4TB WD Red (JBOD) || SYBA SI-PEX40064 sata controller || Corsair CX500m || NZXT Source 210.


7 hours ago, LAwLz said:

I take an absolute stance when it comes to computer security, because of the massive consequences improper handling of data inevitably leads to.

We have already seen what devastation government negligence led to on these fronts, with the likes of NSA (which the Australian government tightly works together with as a 5 eyes ally).

 

I am all for laws being passed, but they can't threaten data security. This bill does, so I am against it. It really is as simple as that. 

 

At the end of the day, people need their data to be secure. Like Apple argues, it is extremely important for security reasons. But software is completely agnostic. It can not differentiate between a law-abiding user and a criminal. So we can not remove security from criminals while retaining security for legitimate users. It can not be done. Any such system will be entirely reliant on a human, which can be corrupted or have malicious intent, like we have seen in the countless leaks showing people at the NSA and other agencies for example spying on their ex-lovers.

 

We either give everyone security, or nobody security. There is no middle ground since math (the software) can't take intent into consideration. 

And that's the problem, this law does not take away security, as I have said countless times it DOES NOT force anyone to make a back door or weaken security.  If they can't assist with the request without causing a systemic weakness then this law does not apply. 

 

This is the bit you can't get your head around:

If they can't get the information they need without breaking security beyond the scope of the warrant then they don't have to. PERIOD.  This does not force any company to break security as you think it will be broken.

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


34 minutes ago, mr moose said:

And that's the problem, this law does not take away security, as I have said countless times it DOES NOT force anyone to make a back door or weaken security.  If they can't assist with the request without causing a systemic weakness then this law does not apply. 

And I have time and time again explained how it will weaken security because it is IMPOSSIBLE to give access to data for let's say the police, without lowering the security of the system.

I have also, time and time again, said and pointed out that the definition of "lowering security" is very much up for debate in certain situations. It is not a black and white thing like 1+1=2. Even the example given of a supposedly "non systemic weakness" is in fact a systemic weakness since it could be applied to any user of the service (in the case of the example, iCloud) and any kind of safe-guard protecting users from abuse is 100% reliant on a human "doing the right thing", rather than relying on technical merits of the system itself.

 

 

34 minutes ago, mr moose said:

If they can't get the information they need without breaking security beyond the scope of the warrant then they don't have to. PERIOD.  This does not force any company to break security as you think it will be broken.

And the part you can't seem to get your head around is that whether or not something "breaks security" is not a black and white thing. If you go by my definition, which is based on things such as security guidelines and certifications, then the mere act of giving police direct or indirect access inherently lowers security. Every additional person who can see the data lowers the security of the system. PERIOD.

If we go by that definition, which I strongly believe is the correct one, then this bill is completely useless.

 

Can you give a single example of a way for police to gain access to a user's data, which can not be misused or lowers security? I know that it is impossible, but you don't seem to think it is. The only way to fulfill those two requirements is if you have very loose definitions of what misuse might be, or a loose definition of what "lowering security" might mean. Does it have to lower the security directly? Does it have to lower the security indirectly? What about forcing companies to implement things which are so complex and costly that they can't possibly comply with the order without taking shortcuts which compromise all users? In such a scenario the order itself may fulfill the bill's limitations (the order can't lower security) but the practical effect of it ends up being lower security (because the company has to choose to either go bankrupt or take shortcuts which compromise security).

 

I think it is very clear that you have a very serious lack of understanding how computer systems work, and your requests truly are as mindbogglingly nonsensical as demanding that a knife that can only stab bad people be made.

IT. CAN. NOT. BE. DONE.


3 minutes ago, LAwLz said:

And I have time and time again explained how it will weaken security because it is IMPOSSIBLE to give access to data for let's say the police, without lowering the security of the system.

And in those cases the request cannot be filled.

3 minutes ago, LAwLz said:

I have also, time and time again, said and pointed out that the definition of "lowering security" is very much up for debate in certain situations. It is not a black and white thing like 1+1=2. Even the example given of a supposedly "non systemic weakness" is in fact a systemic weakness since it could be applied to any user of the service (in the case of the example, iCloud) and any kind of safe-guard protecting users from abuse is 100% reliant on a human "doing the right thing", rather than relying on technical merits of the system itself.

 

I think you're just arguing for the sake of it now.

3 minutes ago, LAwLz said:

And the part you can't seem to get your head around is that whether or not something "breaks security" is not a black and white thing. If you go by my definition, which is based on things such as security guidelines and certifications, then the mere act of giving police direct or indirect access inherently lowers security.

That can only be determined on a case by case basis. If in a case they determine it breaks security then the law doesn't apply. If they determine it doesn't break security then the bill applies.

 

3 minutes ago, LAwLz said:

 

Every additional person who can see the data lowers the security of the system. PERIOD.

 

As soon as you have the ability for one person to see the data who isn't permitted, either during or after the warrant expires it is a systemic weakness so is not subject to this bill. Really not sure why that is a hard concept to grasp.

 

 


1 minute ago, mr moose said:

And in those cases the request cannot be filled.

So what is the purpose of this bill then, if it can not be used as a tool to for example give police or other authorities access to information?

 

 

1 minute ago, mr moose said:

That can only be determined on a case by case basis. If in a case they determine it breaks security then the law doesn't apply. If they determine it doesn't break security then the bill applies.

There are no scenarios where it won't lower security. None. I challenge you to come up with a single scenario.

 

2 minutes ago, mr moose said:

As soon as you have the ability for one person to see the data who isn't permitted, either during or after the warrant expires it is a systemic weakness so is not subject to this bill. Really not sure why that is a hard concept to grasp.

No, as soon as an additional person, warrant or not, has access the security is weakened. The more people who have access, the weaker the security.

And no, it can be a systemic weakness even if someone has a warrant, because the software has no way of identifying by itself if someone has a warrant or not. If someone can access data with a warrant, then they can also access it without a warrant. There is no technical or mathematical function which only lets a person with a warrant look at data.

 

It is a hard concept to grasp because you clearly don't understand the concept of how software works.

It really is like saying "just design it so that the knife can't stab a good person. I don't understand how this is hard to understand.".

 

 

I'll ask you again.

Can you give a single example of a way for police to gain access to a user's data, which can not be misused or lowers security?


1 minute ago, LAwLz said:

So what is the purpose of this bill then, if it can not be used as a tool to for example give police or other authorities access to information?

 

 

There are no scenarios where it won't lower security. None. I challenge you to come up with a single scenario.

 

No, as soon as an additional person, warrant or not, has access the security is weakened. The more people who have access, the weaker the security.

And no, it can be a systemic weakness even if someone has a warrant, because the software has no way of identifying by itself if someone has a warrant or not. If someone can access data with a warrant, then they can also access it without a warrant. There is no technical or mathematical function which only lets a person with a warrant look at data.

 

It is a hard concept to grasp because you clearly don't understand the concept of how software works.

It really is like saying "just design it so that the knife can't stab a good person. I don't understand how this is hard to understand.".

 

 

I'll ask you again.

Can you give a single example of a way for police to gain access to a user's data, which can not be misused or lowers security?

You keep pointing to instances where the bill does not apply, claiming the bill is flawed. I can do that: look, this car isn't speeding, therefore speeding laws with consequences are a stupid overreach of power.

 

You are the one claiming this bill only exists to do the one thing it specifically limits itself from doing. You make the claim, you provide the proof, you show me how there is nothing in any of the current service providers that operate in Australia that can be done to retrieve data without giving access to unauthorised people.

3 minutes ago, mr moose said:

You keep pointing to instances where the bill does not apply, claiming the bill is flawed. I can do that: look, this car isn't speeding, therefore speeding laws with consequences are a stupid overreach of power.

"You just keep pointing out instances where the knife could stab a good person, without coming up with examples of when it couldn't!".

 

4 minutes ago, mr moose said:

You are the one claiming this bill only exists to do the one thing it specifically limits itself from doing. You make the claim, you provide the proof, you show me how there is nothing in any of the current service providers that operate in Australia that can be done to retrieve data without giving access to unauthorised people.

No I am not. I have repeatedly said that if the bill works the way you describe it, it is completely useless because there are no circumstances where giving police or any other previously unauthorized person access to data doesn't reduce security or introduce the possibility of abuse.

Also, I can't prove a negative, but I shouldn't have to. It is up to the bill and the bill's supporters to make an argument for why this bill is necessary and how it works. It's the people asking for change that need to justify their position, not the other way around. All changes made should lead to something better. If you can't explain what benefits a change has then it should not be made to begin with.

 

I'll ask you a third time.

Can you give a single example of a way for police to gain access to a user's data, which can not be misused or lowers security?

2 minutes ago, LAwLz said:

"You just keep pointing out instances where the knife could stab a good person, without coming up with examples of when it couldn't!".

 

No I am not. I have repeatedly said that if the bill works the way you describe it, it is completely useless because there are no circumstances where giving police or any other previously unauthorized person access to data doesn't reduce security or introduce the possibility of abuse.

Also, I can't prove a negative, but I shouldn't have to. It is up to the bill and the bill's supporters to make an argument for why this bill is necessary and how it works. It's the people asking for change that need to justify their position, not the other way around. All changes made should lead to something better. If you can't explain what benefits a change has then it should not be made to begin with.

 

I'll ask you a third time.

Can you give a single example of a way for police to gain access to a user's data, which can not be misused or lowers security?

Ask as many times as you want, my argument is and has only ever been that this law specifically does not permit the systemic weakening of security.

I have provided evidence for that. It is not my job to find ways to implement it, in fact I don't even care to try. If you don't want to believe it has a purpose then that is fine, by all means, but that does not change the facts as I have presented and evidenced them.

37 minutes ago, mr moose said:

Ask as many times as you want, my argument is and has only ever been that this law specifically does not permit the systemic weakening of security. 

And my arguments have been that:

1) The definition of what is and isn't a "systemic weakening of security" is not strictly defined and there will be several situations where one person thinks a proposal is a systemic weakness, and another person doesn't believe it is. In the case of such a disagreement, it is up to a court to decide.

2) I do not trust that they can make such heavily technical decisions.

3) Even if I did trust them to make such decisions, I fundamentally believe that it is bad to have data security rely on trust in other people when it is possible to have security rely on mathematics and other technical merits instead.

4) I have also argued that just because something isn't "systemic" does not mean it is harmless. A non-systemic weakness can still be harmful to innocent users.

5) This bill was created for the purpose of creating ways for agencies such as the police to gain access to information. It is impossible to give the police access to data without lowering the security of a system. As a result, the indirect consequence of this bill is that security will be lowered if it ever gets acted upon. The purpose of the bill inherently goes against the thing it says it won't do (lower security).

 

Those are my arguments.

Do you disagree with any of them? If so, explain why you disagree and explain your reasoning behind it. Preferably also give examples of how you believe things will play out, such as what you think constitutes a way for the police to gain information without introducing the risk of malicious actions or weakening security for others.


1 hour ago, LAwLz said:

And my arguments have been that:

1) The definition of what is and isn't a "systemic weakening of security" is not strictly defined and there will be several situations where one person thinks a proposal is a systemic weakness, and another person doesn't believe it is. In the case of such a disagreement, it is up to a court to decide.

2) I do not trust that they can make such heavily technical decisions.

3) Even if I did trust them to make such decisions, I fundamentally believe that it is bad to have data security rely on trust in other people when it is possible to have security rely on mathematics and other technical merits instead.

4) I have also argued that just because something isn't "systemic" does not mean it is harmless. A non-systemic weakness can still be harmful to innocent users.

5) This bill was created for the purpose of creating ways for agencies such as the police to gain access to information. It is impossible to give the police access to data without lowering the security of a system. As a result, the indirect consequence of this bill is that security will be lowered if it ever gets acted upon. The purpose of the bill inherently goes against the thing it says it won't do (lower security).

You don't believe, trust, accept the definitive wording in the bill and wish to apply your own assumptions of why it was created. Yes, they are assumptions unless you have been talking to the authors and have the advice they are privy to.

 

1 hour ago, LAwLz said:

Those are my arguments.

Do you disagree with any of them? If so, explain why you disagree and explain your reasoning behind it. Preferably also give examples of how you believe things will play out, such as what you think constitutes a way for the police to gain information without introducing the risk of malicious actions or weakening security for others.

They are your opinions and no matter what I say, you are just going to keep repeating yourself as if those opinions trump mine or that those opinions outweigh what is written in the bill. I have already given you many reasons and cited the bill directly with definitions. If you are scared that they have nefarious motivations, well, nobody is going to change that fear. I don't think it is possible to write the bill any more explicitly, so it doesn't matter what anyone says.

1 hour ago, Leshya said:

Tell me about it, our fucking gas is 9.76NZD per gallon, that's 6.38USD

IKR, unless you can afford to buy a brand new diesel ute, those who need to tow for work or have bigger families are copping $100 per week in fuel expenses.

On 10/18/2018 at 3:11 AM, mr moose said:

That's the bit people are getting confused with, no one is claiming these laws make anything more secure or less secure. All this law says is that if there is a way to give authorities certain data then they must, if there isn't then they both can't and don't have to.

That is different to this bill, this bill doesn't in any way make it illegal to further secure services for clients, nor does it make it possible for authorities to enforce a backdoor into any encrypted or otherwise secure service. Countries that are considering outlawing VPNs will do so for their own reasons, whether we agree with them or not is a different story.

Yes the bill has three stages, that is basically three opportunities for the authorities to request help and make their case. They can issue a fine, but like all fines in Australia the company can choose not to pay it and go to court instead. The court is impartial in Australia so the government would have to be absolutely sure the request it made was within the guidelines, which means it is highly improbable that a company will get fined for not helping the authorities with services they can that are within the limitations of this bill. The limitations I linked to before is a very important document that sets out what requests cannot be made and do not have to be upheld. Essentially trying to fine Apple for not complying with a backdoor request would be like trying to fine someone for jaywalking when there is a video and 30 witnesses of that person in a court house 100 km away at the alleged time of the event.

It's not about that the bill directly makes a change, but it does so in the background. I took the VPNs as an example because they are not "illegal" but with law they are made completely useless. Just as a government wants to ban diesel cars, making a law that says "You shall not drive a diesel car" is never gonna go through and people will be on the barricades, but word it "Anyone driving a car that doesn't use gasoline, electric or (anything else other than diesel) as its power source must pay 1000% tax on it" and it might slip through and basically ban diesel cars because now no one has the money to drive one.

 

Same goes here. First officials get the warrant for the suspect's data and ask the company to hand the data over, company says it can't do it and then it's up to one person to make the choice to move up to the next stage and demand the data forced by a fine or not. And there we have the problem, the one person making the choice doesn't know about the systems that the company has and as with many questions concerning security that company probably cannot give the exact answer because that might compromise the security of their systems. So the question for companies becomes do they implement some kind of backdoor in the fear of going to the court because someone who probably doesn't know how their systems are built didn't trust the argument "We cannot give you the data, because it's encrypted" mailed with normal vague explanation about their security. And the court case isn't just that they might get fined, but there's also the PR side, which is probably the worst (think about Apple being in court and the case is about why Apple cannot give the police data of suspected mass rapist, "very good PR for Apple"), and monetary side, how expensive that court case is going to be. It's not about the law requiring backdoors, it's the probable consequences of not being able to provide the requested data that make it probable that companies must include backdoors.

1 hour ago, Thaldor said:

It's not about that the bill directly makes a change, but it does so in the background. I took the VPNs as an example because they are not "illegal" but with law they are made completely useless. Just as a government wants to ban diesel cars, making a law that says "You shall not drive a diesel car" is never gonna go through and people will be on the barricades, but word it "Anyone driving a car that doesn't use gasoline, electric or (anything else other than diesel) as its power source must pay 1000% tax on it" and it might slip through and basically ban diesel cars because now no one has the money to drive one.

 

Same goes here. First officials get the warrant for the suspect's data and ask the company to hand the data over, company says it can't do it and then it's up to one person to make the choice to move up to the next stage and demand the data forced by a fine or not. And there we have the problem, the one person making the choice doesn't know about the systems that the company has and as with many questions concerning security that company probably cannot give the exact answer because that might compromise the security of their systems. So the question for companies becomes do they implement some kind of backdoor in the fear of going to the court because someone who probably doesn't know how their systems are built didn't trust the argument "We cannot give you the data, because it's encrypted" mailed with normal vague explanation about their security. And the court case isn't just that they might get fined, but there's also the PR side, which is probably the worst (think about Apple being in court and the case is about why Apple cannot give the police data of suspected mass rapist, "very good PR for Apple"), and monetary side, how expensive that court case is going to be.

 

That's not quite how these things are handled. Yes, you can get one person giving the o.k, but they don't do it alone and they still have to operate within the realms of the law.

 

People are bringing a whole array of what ifs and maybes that aren't really related to the problem. So what if it might present Apple with a bit of bad PR, it might also give them good PR. It might mean nothing and they might in some cases have to follow a law they would rather not. But at the end of the day if the bill is held to its word then not complying would be like not complying with a tax audit.

 

1 hour ago, Thaldor said:

It's not about the law requiring backdoors, it's the probable consequences of not being able to provide the requested data that make it probable that companies must include backdoors.

 

Huh? So even though the law can't force a company to include a backdoor, you still think this will lead to them being forced to include one? If the request leads to a systemic weakness (i.e. a weakness in the system), the request cannot be made, and does not have to be followed. If a backdoor is not a systemic weakness then I don't know what is. In fact going on the very wording they used, anything that undermines the security of the system (the system being any service e.g. iCloud or IM service) is not permitted and not covered by the bill.

12 hours ago, mr moose said:

They are your opinions and no matter what I say, you are just going to keep repeating yourself as if those opinions trump mine or that those opinions outweigh what is written in the bill.

No, the things I listed are not just my opinions. For example, the fact that different people have different definitions of what is and isn't a reduction in security is not an opinion, it's a fact.

That it is impossible to give police access to data without inherently lowering the security of a system is also a fact, if we go by the same definition used in for example security certifications and many security guidelines.

 

Also, I really don't like that you keep refusing to answer any question I ask you. Questions such as this one:

15 hours ago, LAwLz said:

Can you give a single example of a way for police to gain access to a user's data, which can not be misused or lowers security?

9 hours ago, LAwLz said:

No, the things I listed are not just my opinions. For example, the fact that different people have different definitions of what is and isn't a reduction in security is not an opinion, it's a fact.

Systemic has a definition, it literally means pertaining to the system and not a part of it, in fact most dictionaries specifically point out that to be systemic it has to affect the whole system not just one part of it. You can make up as many other definitions for that as you want, but there is a reason lawyers speak in legalese and it's not just to protect their jobs.

9 hours ago, LAwLz said:

That it is impossible to give police access to data without inherently lowering the security of a system is also a fact, if we go by the same definition used in for example security certifications and many security guidelines.

For the umpteenth time, if the service they request cannot be given without "inherently lowering the security of a system", then the bill DOES NOT APPLY. They can't ask and service providers don't have to comply. Which makes your concern, assumption, reasoning completely irrelevant.

 

9 hours ago, LAwLz said:

Also, I really don't like that you keep refusing to answer any question I ask you. Questions such as this one:

 

I already told you why:

On 10/19/2018 at 8:02 AM, mr moose said:

Ask as many times as you want, my argument is and has only ever been that this law specifically does not permit the systemic weakening of security.

I have provided evidence for that, it is not my job to find ways to implement it, in fact I don't even care to try. If you don't want to believe it has a purpose then that is fine, by all means, but that does not change the facts as I have presented and evidenced them.

 

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


 

I think both @mr moose and @LAwLz are correct but neither of you will ever see it as an agreement. From a technical point of view, they can't do anything to weaken security. But at the end of the day it is still up to whoever can make the most compelling argument and with whom the court agrees, keeping in mind that these matters tend to be handled by tech illiterates.

 

It (weakening security) will try to get pushed (possibly successfully), but I don't think this bill in particular will change a government from trying to get something through -- it MIGHT make it a bit easier since, again, you're going to be dealing with tech illiterates who don't understand the nuance of the matter -- but I don't know if I'd go that far.

 

As to whether or not the bill can do anything since systematic weaknesses shouldn't be allowed -- the exception could be if the weakness already exists in the current iteration -- then they have to exploit the weakness (and would then patch it for any still relevant device if a patch is possible).


9 minutes ago, 79wjd said:

 

I think both @mr moose and @LAwLz are correct but neither of you will ever see it as an agreement. From a technical point of view, they can't do anything to weaken security. But at the end of the day it is still up to whoever can make the most compelling argument and with whom the court agrees, keeping in mind that these matters tend to be handled by tech illiterates.

 

It (weakening security) will try to get pushed (possibly successfully), but I don't think this bill in particular will change a government from trying to get something through -- it MIGHT make it a bit easier since, again, you're going to be dealing with tech illiterates who don't understand the nuance of the matter -- but I don't know if I'd go that far.

 

As to whether or not the bill can do anything since systematic weaknesses shouldn't be allowed -- the exception could be if the weakness already exists in the current iteration -- then they have to exploit the weakness (and would then patch it for any still relevant device if a patch is possible).

I agree, there are no absolute guarantees of anything in life, and as I've said before (in this thread even, I think), if we don't permit any law for fear it will lead to further laws being abused or judiciaries getting it wrong, then we may as well live in a free-for-all chaotic society. I take comfort in knowing that Facebook and Apple can go to court and take their expert software engineers and get independent software engineers to vouch for their reasoning if it is necessary.


What I don't understand is just ask Apple to unlock the phone with a police request system. 


1 minute ago, RorzNZ said:

What I don't understand is just ask Apple to unlock the phone with a police request system. 

The way Apple does security and encryption means they can't unlock the devices, that mind you is proper security as far as a user is concerned. A change to allow Apple to do that would be implementing a change that would likely come under a systemic weakness clause of this proposed law. Apple could do it if they wanted but this wouldn't allow it to be forced on them.


8 minutes ago, leadeater said:

The way Apple does security and encryption means they can't unlock the devices, that mind you is proper security as far as a user is concerned. A change to allow Apple to do that would be implementing a change that would likely come under a systemic weakness clause of this proposed law. Apple could do it if they wanted but this wouldn't allow it to be forced on them.

They already can undo iCloud unlocks, providing you show proof of purchase (although it's rarely done), I'm sure with proper implementation I don't see why they can't. A better idea would be not to tell the public but just the major agencies involved, although it would be hard to keep under wraps. With all the previous FBI stuff I wouldn't be surprised if we see this sort of thing come up more often.


4 hours ago, RorzNZ said:

They already can undo iCloud unlocks, providing you show proof of purchase (although it's rarely done), I'm sure with proper implementation I don't see why they can't. A better idea would be not to tell the public but just the major agencies involved, although it would be hard to keep under wraps. With all the previous FBI stuff I wouldn't be surprised if we see this sort of thing come up more often.

Not hard to keep under wraps but impossible to keep under wraps, which is why a backdoor can never be permitted.

 

How does Apple undo iCloud locks? If they can undo the lock without the key, then doesn't that mean they can access the data?


3 hours ago, mr moose said:

Not hard to keep under wraps but impossible to keep under wraps, which is why a backdoor can never be permitted.

 

How does Apple undo iCloud locks? If they can undo the lock without the key, then doesn't that mean they can access the data?

If you enable cloud syncing on iOS, it will upload the things you allow it to, to your iCloud account.

Apple can't break the onboard encryption on iPhones, but they can access data uploaded to iCloud.

 

Apple doesn't have access to data stored locally on phones, but they do have access to any data stored on their server, and there is sometimes (quite often) an overlap.


7 hours ago, RorzNZ said:

They already can undo iCloud unlocks, providing you show proof of purchase (although it's rarely done), I'm sure with proper implementation I don't see why they can't. A better idea would be not to tell the public but just the major agencies involved, although it would be hard to keep under wraps. With all the previous FBI stuff I wouldn't be surprised if we see this sort of thing come up more often.

That's iCloud though, the devices themselves can't. Though if the majority of people using iPhones use iCloud and back up the phones to that as well as sync the data itself, unlocking the device in most cases wouldn't even be required.


9 hours ago, mr moose said:

Not hard to keep under wraps but impossible to keep under wraps, which is why a backdoor can never be permitted.

 

How does Apple undo iCloud locks? If they can undo the lock without the key, then doesn't that mean they can access the data?

Well, if I knew how then I would be a lot wealthier lol. I believe they just remove the account altogether, but I would assume if it's on their servers, then they have access to that data.
